lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon Mar 13 23:18:18 2006
From: lyal.collins at key2it.com.au (Lyal Collins)
Subject: HTTP AUTH BASIC monowall.

Yup, that's right: All PKI authentication is only as good as the passwords
protecting private keys where such passwords exist, and the complementary
endpoint security controls.

The server is 'authenticated' by the site admin installing a cert and
entering a password.  After that the machine is a device with 'power of
attorney-like' privileges about the site's authentication. If the site admin
account is compromised, so is the site authentication offered by the site
SSL cert. 
If the user has a client cert, it is used when the client validates the
user's password. No password on the client cert = no user auth, merely
authentication of a public/private key pair that might be under the user's
control.
Thus the server sees a crypto outcome controlled solely by strength of the
user's password - nothing more (assuming an otherwise secure client).
If the user has a password but no cert, then authentication occurs at the
server accepting the user's password.

Local attacks at the client end include the range of local account hacks,
and any backdoor/trojan/keysniffing malware that allows an attacker remote
access to the user's password and or private key.

Lyal


-----Original Message-----
From: Tim [mailto:tim-security@...tinelchicken.org] 
Sent: Tuesday, 14 March 2006 10:02 AM
To: Lyal Collins
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] HTTP AUTH BASIC monowall.


> Although something else may have been intended by using the phrase 
> "password-authenticated key agreement", lets not forget that's all PKI 
> is - key agreement based on verifying a password. At the server end, 
> the site admins password is verified e.g. for SSL servers At the 
> client, if you're lucky, the user chose a hard to crack password.

Hmm... Your terminology is sounding a bit off.  Passwords are symmetric
keys.  PKI stands for Public Key Infrastructure.  I think what you mean here
is that the server's public key (contained in the certificate) is verified
based on a provided signature/challenge generated by the server's private
key, and by signatures of "trusted" certificate authorities, along with a
whole host of other things.  Sure the site admins may protect their private
key with a password, but even if they don't, it has nothing to do with the
PKI.

As for the client side, they usually use passwords, but they may also use
client-side certificates in SSL with no password at all.

> That, and the access controls on each ndpoint is all that 
> authenticates any PKI-based schema.

True, if you are worried about local attackers at the endpoint.  These
access controls are usually permissions in conjunction with a symmetric key
(password).

tim

Powered by blists - more mailing lists